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(54) Transaction authorization and alert system 

(57) An automated method for alerting a customer 
that a transaction is being initiated and for authorizing 
the transaction based on a confinnation/approval by the 
customer thereto. In acconJance with one illustrative 
embodiment, a request to authorize the transaction is 
received, wherein the request includes a customer Iderv 
tifier; a determination is made whether to authorize the 
transaction based on the customer identifien if the de- 
termination is to authorize the transaction, that fact is 
communicated to the customer, a confirmation that frie 
transaction should, v\ fact, be authorized is received 
bacic from the customer, and the transaction is author- 
ized in response to the customer's confirmation thereof. 
In accordance with another illustrative embodiment, a 
transaction initiated by an agent of the customer {i.e., 
the princ^l) is authorized by the principal when one or 
more threshold parameters that may be pre-defined by 
the principal are exceeded. A preferred method of alert- 
ing the customer and receiving a confirmation to author- 
ize the trarisaction t>acl(f rom the customer is illustrative- 
ly afforded by conventior^ two-way pagers. 
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Description 

Field cf the Invention 

This invention relates to a transactton authorization 
and alerting system, and nrK>re particularly to a method 
and apparatus tor using a communications system to 
alert an interested party ot a recently completed trans- 
action and/or to obtain authorization from the interested 
party tor a pending transaction. 

Background of the Invention 



The credit card identification numbers assigned to 
credit card customers are presented to many different 
people in a variety of circumstances - when applying 
for financial sen/ices, when concluding purchases in a 
store, and when making purchases over the telephone, 
through the mail, or over e-maW (electronte mail). The 
large number of people lhal have access to a customer's 
credit card number has frequently led to fraud. The ad- 
vantages of using credit cards, however, are substan- 
tiaL The customer finds their use advantageous in that 
he or she need not carry cash or write checks. Credit 
card purchases also have advantages to the retailer as 
compared, for example, to payment by check, since the 
credit card sendee provkier ensures timely payment to 
the retailer, regardless of when the customer pays the 
balance on the credit card account. However, credit 
cards or credit card numbers are often stolen, and credit 
card numbers are often used over the telephone or 
through the mail without any secure mechanism for con- 
firming the customer's kientity. 

Telephone calling card numbers have security prob- 
lems similar to those of credit cards. These numbers are 
often spoken atoud or entered through a touch tone key- 
pad, thereby allowing others the opportunity to record 
them (either electronically or by mere obsen^atkxi), and 
to then fraudulently use the numbers. Another common 
source of fraud stems from authorized usage of a credit 
card or a telephone calling card followed by a customer 
denial that he or she made the purchase or placed the 
call Thus, simply controlling access to the credit or call- 
ing card number without more may be inadequate. Com- 
puter access to secure databases is yet another exam- 
ple of a tfansactkxi that depends upon private customer 
identifiers fte,, passwords) whk:h through legal or illegal 
channels may become known to others, thereby altow- 
ing unauthorized access to these databases. 

Prior art mechanisms lor handling such security 
concerns have not taken advantage of advances in 
communkjations and conH^uter systenrw toautomate the 
alerting and approval process. Most techniques which 
have heretofore attempted to address these security is- 
sues tend to significantly increase the complexity of the 
communicaton protocol. For example, the customer 
may be asked addittonal questions {the answers to 
whteh it is expected that only the authorized party would 



know), or may be required to provide additional informa- 
tion as a part of each transaction such as a (secret) Per- 
sonal Identification Number (PIN). Moreover, H n^ay be 
required that such PINs be modified on a routine basis 
5 in order to noaintain their secrecy. To encourage custom- 
ers to make use of these types of sewices (e.g., credit 
and calling cards), it has become common to limit the 
liability of the customer while increasing the liability of 
the service provider (e.g., the credit card vendor or tel- 
10 ephone company). Unfortunately, unauthorized uses 
usually go undetected until a periodic service report is 
issued - typically, at the end of a monthly billing cycle 
and k>ng after the fraud was perpetrated. 

In addition to the above-descrtoed security issues. 
15 one commonly desired class of financial transactbns in^ 
volves a principal who empowers an agent to initiate and 
complete routine transactions without the principal's 
knowledge or approval. However, the principal often re- 
sen^es the right to be alerted to, or even to approve, such 
20 transactkjns. particularly when they are ident'ifiably non- 
routine or atypical. For example, approval may be re- 
quired when certain threshokJ parameters that are as- 
sociated with the transactkKi (which may, for example, 
be pre-defined by the principaO are exceeded. 
25 Prtor art mechanisms for handling such agent initi- 
ated transactkxns have also not taken advantage of ad- 
vances in communfcations and computer systems to au- 
tomate the alerting and approval process, thereby lim- 
iting the scope of applications of such transactkxns. For 
30 example, a card owner, such as a corporatkxi (parent) 
that provides an emptoyee (young adult) with a credit/ 
debrt card to charge business (personal) expenses, typ- 
ically places certain restrfct'ions on the use of the card 
by the cardhoWer to prevent abuses, excesses or fraud. 
35 Those restricttons include, for example, upper limits on 
either the total amount of money that can be charged to 
a commercial credit card, or the number of transactions 
that can be authorized for a credit card number within a 
predetemiined period of time. Those restrctkxis some- 
40 times operate to deny access to credit to a cardholder 
who is stranded or facing an emergency situation, when 
ironically credit is most needed. This clearty defeats the 
purpose of empowering the employee or young adult^ 
Yet.oversightoftheuseofthosecreditcardsbythecard 

45 owners is stiH needed since the card owners are uni- 
mately financially responsible for the expenses charged 
to those credit cards. This Issue takes particular slgnr^ 
icance when one consWers that merchants concerned 
about lack of legal competency of minors to complete 
so card transactions have been reluctant to accept debitor 
credit cards as a means of payment from minors. Hence, 
another specific problem of the prior art is lack of a flex- 
ible restrtetiun mechanism for principals to limil monitor, 
and/or approve use of a card by cardhoWer for non-rou- 
ss line commercial transactions. 
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Summary of (he Invention 

We have recognized that the aforementioned prob- 
lems resutt from the inability to quickly and efficiently in- 
form the individual customer (e.g., the account holder 5 
or the principal) that his or her customer identifier (e,g., 
credit/debrt/calltng card number. PIN. password, etc. ) 
is t>ein9 used in a transaction for a particular purpose, 
and the inability of the customer to respond thereto in 
order to confirm or deny its use. Thus, in accordance 
with certain illustrative embodiments of the present in- 
vention, an automated rnelhod for authorizing a trans- 
action is provided in which the customer is informed of 
a pending authorization thereof, and the transaction is 
then authorized only in response to a customer confir- *5 
mation. In accordarwe with certain other illustrative em- 
bodiments, the irwention provides a method and a sys- 
tem which allow a principal to be autocnatlcally alerted 
to, and/or to promptly authorize, an agent-initiated 
transaction which may. lor example, be deemed atypical 
based on a pre-stored profile specified by the principal. 

In accordance with one illustrative embodiment, a 
request to authorize a transaction is received, wherein 
the request includes a customer identifier; a determina- 
tion is made whether to authorize the transaction based 
on the customer identifier; if the detenmtrtation is rmde 
to authorize the transaction, the pending authorization 
is communicated to the custonr^er; a confimnation that 
the transaction is. in fact, to be authorized is received 
back from the customer; arxJ the transaction is author- 30 
ized in response to the customer's confirmatkxi thereof. 

One approach to communcating such a determina- 
tion to authorize the transactkx) and to receive such a 
confirmation to authorize from the customer is illustra- 
tively afforded by conventional two-way pagers. For ex- 35 
ample, a computer database, dharge6 with the task of 
authorizing a transactkxi, may signal the customer via 
paging whenever his or her customer klentifier is used. 
Akxig with this notificatkxi, relevant information may be 
displayed on the pager's alphanumerc (or numeric) dis- 
play. The customer may then respond (via the two-way 
pager) by confirming or denying the pending authoriza- 
tk)n. 

According to one aspect of the invention, exception 
conditkxis that trigger a customer's aleitng or approval ^ 
process may be stored in a profile specified by the cus- 
tomer. This profile associates those exceptk)n condi- 
tkxis to a personal communk:ations address, such as a 
paging numt>er or a "SOO" or "700* prefix telephone 
number at whteh the customer can be reached. For ^ 
credit/debit and caR'tng card transactions, exception 
conditions may be caused, for example, by a request for 
credit antount (or number of transactions) above thresh- 
oki parameters pre-imposed by the card owrter (or the 
use of the card, or breach of other corKfitions pre-de- ^ 
fined by the card owner for the use of the card. In ac- 
cordance with the principles of the invention, the card 
owner may elect to simply receive the alert message or 



to authorize/deny the charging of the expenses to the 
card number by trartsmitting an approval/disapproval 
nr^ssage to the card issuer as part of the card valtdaton 
process. 

According to another aspect of the inventbn. a mer- 
chant may request the approval of a parent or guardian 
to a debit/credit card transaction, such as a stored-value 
smartcard, presented to the merchant by a minor alleg- 
ing to act on behalf of the parent or guardian. In that 
case, the card number, or a proxy thereof, may be used 
as a search key to retrieve the parent or guardian's pro- 
file that identifies a communications address for the par- 
ent or guardian. The transaction is approved only if an 
authorization message is received from the parent or 
guardian. 

Brief Description of the Drawings 

FIG. 1 is a telecommunicatkxt system arranged in 
accordance wiUi the inventkxi to allow a card owner to 
authorize, or to be alerted to transactions charged to the 
card by a cardholder 

FIG. 2 illustrates an exemplary message that is 
transmitted by an automatic diafing unit at a merchant's 
location to a card issuer's valkiation database. 

FIG. 3 shows an illustrative table that associates 
alerting threshoki parameters to card numbers.' 

FIG. 4 shows an Blustrative generc message that 
is transmitted by an automatic dialing unit at a mer- 
chant's kx^atksn to a card owner's communications de- 
ynce. 

FIG. 6 shows specific exismplary messages that 
may be transmitted by a card valkJatkxi system to a card 
owner's communications device. 

FIG. 6 is a table that con^elates merchant codes to 
types of commercial establishments. 

FIG. 7 shows a flow diagram outlining illustrative 
programmed instructions executed by different ele- 
ments of the conununicalions system of FIG. 1 to re- 
ceive approval for, or to alert a credit card owner to, a 
credit card transaction initiated by a card holder in ac- 
cordance with certain illustrative embodiments of the 
present kivention. 

FIG. 8 is a flow chart of illustrative programmed in- 
suucikx^ executed by various components of the com- 
municattons system of FIG. 1 to receive approval from 
a parent or a guardian ci a mhor initiated debit card 
transaction in accordance with a first iUustrat'ive embod- 
iment of the present inventk>n. 

FIG. 9 shows a flow chart of a credit card purchase 
transactkxi to which certain Illustrative emlxxJiments of 
the present inventk)n may advantageously be applied. 

FIG. 10 shows a flowchart of an authorization proc- 
ess in accordance vnth a second Olustrative embodi- 
ment of the present invention. 

FIG. 11 shows a flow chart of an authorizatkKi proc- 
ess in accordance with a third Olustrative embodiment 
of the present inventk>n. 
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FIG. 1 2 shows a flow chart of an authorization proc- 
ess in accordance with a fourth illustrative embodiment 
of the present invention. 

FIG. 1 3 shows a flow chart of a credit card purchase 
transaction to which a ftflh illustrative embodiment of the 
present invention may advantageously be applied. 

FIG. 1 4 shows a flow chart of an authorization proc- 
ess in accordance with a fifth illustrative embodiment of 
the present invention. 

Detailed Description 

Introduction 

Although the principles of the present invention may 
be applied to many donr^ins, the illustrative embodi- 
ments described in detail herein will focus on a credit 
card or debit card purchase transeKJtion. In these em- 
bodiments, a cardholder, who n^y or may not be the 
customer of the credit or debit card issuer, uses a credit 
or debit card (or a credit card number) to instrnd a re- 
tailer (a provider of a product or sen/ice) to charge a 
purchase to the given credit card account or to debit the 
amount of the purchase from the given debit card ac- 
count. The credit or debit card number serves as a cus- 
tomer identifier to the credit card service provider (e,g,, 
the issuer of the credit card). 

FIG. 1 shows a communications system arranged 
in accordance with certain illustiative emlxxJiments of 
the present invention to implement the principles there- 
of. The communications system of FIG. 1 includes a 
communications network 102. a validation database 
1 06 and a paging system network 111. Communications 
network 102 includes one or a series of interconnected 
communicatkxis switches arranged to relay to validation 
database 106 (via lines 130-1 to 130-N infom^ion re- 
ceived from card reader 101 . Specifically, when a credit 
card holder hands a credit cafd to a merchant to charge 
expenses associated with a transaction, the merchant 
slides the credit card through card reader 101 to read 
the credit card number, for example, off the magnetic 
stripe on the back of the credit card. An automata dialing 
unit included ri card reader 101 dials a telephone 
number associated with a database 106 of the card is- 
suer to validate the card number In particular, card read- 
er 1 01 transmits to valkJation database 1 06 a valkJation 
request message that is illustratively represented in 
FIG. 2. 

Simitarty, when the cardhoWer wishes to use a debit 
card such as an Auton^afic Teller Machine (ATM) card 
as a means of payment for a commercial transactkxi. 
the merchant enters a special code into card reader 101 
to initiate the alerting and approval process. Thereafter, 
card reader 101 retrieves the debit card number, for ex- 
ample, from the magnetfc stripe on the back of the debit 
card before prompting the cardhoWer for a secret code 
(e g., a PIN). Card reader 101 then transmits to vafida- 
tion datat>ase 101a vaBdation request message that is 



illustrated in FIG. 2. 

The message shown in RG. 2 includes a card 
nurTt>er 201 . a requested credit amount 202. a merchant 
code 203. and a validation request 204. When card 
5 number 201 is a debit card nunrtber. it also includes the 
PIN entered by the cardholder. Merchant code 203 is a 
fieW that kientifies the type of business from which the 
message associated with the transaction, is transmitted. 
Typrcally, the merchant code 203 is appended by card 
reader 101 after the requested credit amount 202 has 
been entered by the merchant, and the calling card 
number 201 has been retrieved from the magnetic stripe 
on the back of the card. The validatbn request field 204 
stores the code entered by a merchant to receive ap- 
proval from the party authorized to give such approval 
tor a debit card transaction. In the case where the card- 
hoWer is a minor, for example, by requesting approval 
di the transactkxi from a parent or guardian of the minor 
(7.©., the authorized party), the merchant and the debit 
card issuer are assured that the transaction cannot be 
voided by the minor at a later date on the ground that 
the minor lacked legal competency to enter into such 
transaction. 

Upon receiving a validation request message, vali- 
datk>n database 1 06 uses card number 201 as a search 
key to perform a table look-up operation for the purpose 
of retrieving the profile associated with the card number. 
When the cardholder is a minor, and the card is a stored- 
value smartcard. a passphrase or proxy information pro- 
30 vided by the minor n^y be used as search key to retrieve 
the profile of FIG. 3. 

Nfelkjation database 106 is a processor-controlled 
centralized database facility which is a repository of 
records or profiles for all credit/debit card numbers as- 
35 signed by a card issuer to its customers. Validation da- 
tabase 106 is designed to authorize transactions 
charged to card numbers stored therein. Such authori- 
zatkxi may be based on a set of pre-defined parameters 
included \n the profiles associated with the card num- 
40 t>ers. When a retrieved profile does not include a re- 
quirement for alerting or approval. valkJation of the card 
number may be performed in a conventional manner. 
When a profile stores alerting parameters that may re- 
quire communteations with one or more called parties. 
45 validatkxi database 106 uses one of the Automatic Di- 
aling Units (ADU) 110-1 to 110-N to dial a telephone 
number retrieved from a profile associated with a card 
number. 

Shown in RG. 3 is an illustrative table that associ- 
so ales alerting and approval th reshold parameters to cred- 
it card numbers. Each record in the table of FIG. 3 is a 
profile for a credit card number that fe used to detennine 
the manner in whkjh transactions charged to that credit 
cardnumberare processed. The tableofFIG.3includes 
£5 a cardholder's name fiekJ 301; a card number field 302; 
alert and authorization flags 303 and 304. respectively; 
a trigger group of fields; a communications address field 
307; a ncKanswer-credtt threshold fieW 309; and a no- 
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answer-transaction threshold field 310. CarcfiK>lder*s 
name field 301 stores the name of a card holder asso- 
ciated with a partcular card nunnber. The carcfix>lder's 
name field may contain, for example, the first ar>d last 
name of the cardholder (as shown for the first and third s 
record) or the first name (or nickr^me) of the cardholder 
(as shown for the second and fourth record). Credit card 
number 302 is used as a search key in the table lookup 
operation mentioned above, to retrieve the profile asso- 
ciated with that card number The alert flag field 303 in- io 
dicates that the card owner is to be notified, although 
possibly only under certain conditions. Such notification 
may be required lor example, when processing of the 
transaction would either cause certain conditions pre- 
defined for the use ol the card to be breached, or a '5 
threshold parameter to be exceeded. The approval flag 
field 304 alerts the care issuer that credit card transac- 
tkxis that violate pre-established conditbns need to be 
authorized by the card owner as part of the card valkla- 
tkxi process. These pre-established corwiilions may be 20 
pre-selected by the caid owner or they may be corKii- 
lions imposed by the card issuer. The trigger group of 
fiekis depk:ted in FIG. 3 illustratively shows different pa- 
rameters which cause a card owner to be notified when 
those parameters exceed certain pro<lefined thresh- 2S 
olds. The 'conditions* fiekj 305 shows restrk^tkxis pre- 
selected by the card owners for use of their credit cards. 
For example, the first record indicates that the card own- 
er wishes to be alerted whenever a cardholder charges 
nrKxe than one hundred {^Q0) dollars to the credit card 30 
number. The third record illustrates that the card owner 
wishes to authorize any credit card trar^ction for more 
than three hundred dollars. By contrast the owner of the 
credit card number associated with the third record 
wishes to be alerted whenever that card is used at com- 35 
merdal establishments associated with specific mer- 
chant codes. Some card issuers assign distinct mer- 
chant codes to commercial establishments, such as 
bars, hotels and liquor stores, thereby albwing credit 
card transactk>ns at those establishments to t>e easily 
identified. 

Other restrknions that nr^y be imposed by a card 
owner may inclutte. for example, the •maximum number 
of transactions" field 306 whch defines an upper limit 
on the nurrt>er of transactions tfiat can be charged to a ^ 
credit card numt}er within a predetermined period of 
time. For example, the second record indicates that the 
card owner's approval is required to valdate a credit 
card transactkxi when more than three credit card trans- 
actkxis have already t>een processed for that credit card ^ 
numl>er within a twenty-four (24) hour perkxi. Such a 
conditkx) may be useful for example, in detecting fraud- 
ulent use of a stolen credit card. When a transactkxi 
threshold number is used as a parameter for processing 
a credit card transactkxi, the transactkxi counter fieki ^ 
307 is Ir^cremented by 1 (one) eveiy ttrr>e a credit card 
transactkxi is processed. The transactkxi counter field 
307 reset to "0" after the predetefmined period (e.g.. 



24 hours) has expired. It will be appreciated that only a 
limited number of restrk^tkxis and/or aiithorizations are 
shown in FIG. 3 for ease of explanatkxi, even though 
many other restrictbns, obvious to those of ordinary skill 
in the art, may be requested by card owners or card is- 
suers for inclusion in the profile of FIG. 3. 

Whenever a card owner is to be notified of a condi- 
tion-breaching credit card transactkxi, the communica- 
tions address field 308 may be used to kjentify a tele- 
phone number or an electronic mail address at whrch 
the card owner can be reached. Preferably, the commu- 
nications address fiekJ stores a pager number associat- 
ed with a communicatk)ns carrier which provides paging 
service on a natkmwkJe basis to contact, for example, 
the card owners associated with the first and the fourth 
record. Alternatively, a personal telephone number, 
such as a "500" or a VCX)' prefix number may be used 
as a reach number for a card owner, such as the card 
owner associated with the second and third record 
shown in FIG. 3. As another alternative, an electrons 
mail address may be used which, in vark^us illustrative 
embodiments, may l>e either an address to whfch con- 
ventkxial electronic mail may be sent or an electronic 
address for use in other forms of electronic signaling 
such as. for example, a direct message communcated 
to the computer screen of a k>gged-on user or an inter- 
active electronic two-way communication mechanism 
(e.g., a "chat" or talk" program). 

Also included in the profile of FIG. 3 is no-answer- 
credit threshoki field 309 and rK>-answer-transactk>n 
threshold fieW 310. Those fields Wentify respectively, 
the maximum amount of credit that can be approved, 
and the maximum number of permissible transactkxis 
within a given perkxi of time, when the card owner can- 
not be reached by the communksatkxis system of FIG. 
1 . When the card owner does not wish any transactkxis 
to be authorized when he or she cannot be reached, 
then those fiekJs are set to zero. 

When the cost associated with the commercial 
transactkxi is charged to a debit card, as opposed to a 
credit card, only the card bower's name-field 304, the 
card number fiekJ 302 and the communicatkxis address 
fiekJ 308 are of particular relevance since the request 
for approval is initiated by the merchant and the com- 
mercial transaction is not completed when the debit card 
holder cannot be reached. 

Referring back to FIG. 1, when a transactkxi re- 
quest message, such as the one Qlustrated in RG. 2, is 
received by validatkxi database 106. the latter uses a) 
the inf ormatkxi included in that message, and b) the re- 
trieved profile associated with the card number in thiat 
message to determine whether at least one card owner 
pre-imposed oondttkxi has t>een breached (or a card 
owner pre-defined threshoki has been exceeded). If so, 
validatkxi database 106 fetches the communteations 
address of the credit card owner and any other appro- 
priate informatkxi to format an authorizatkxi request 
and/or alert message that Is transmitted to the card own- 
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er One such message is illustrated in f\G. 4 which 
shows a card holder's name field 401 . a display field 402 
and a field 403 that is populated by an entiy in the table 
illustrated in FIG. 5. The card hoWec's name is populated 
by the name that is included in the profile retrieved by 
validation database 106. Field 402 is a display field that 
always contains the two words 'Credit Card.' Held 403 
is populated by one of the entries ri the table of FIG. 5. 

The table of FIG. 5 shows three separate entries 
501. 502 and 503 representing different sections of 
three different messages. Each entry is comprised 
mainly of display information and one field that is popu- 
lated based on the particular condition that has been 
breached or the specific threshold that has been ex- 
ceeded. For example, when the requested credit 
amount for the transaction exceeds the charging limit 
pre-selected by the card owner, field 505 will be popu- 
lated by the difference between the nraximum charging 
amount and the requested credit amount. S'milarty 
when validation of a card number for a transaction would 
cause the maximum number of transactions per day 
pre-selected by the card owner to be exceeded, the con- 
tent of the transaction counter field is moved into field 
606. Likewise, when the card holder attempts to charge 
to a credit card number the expenses related to the pur- 
chase of an item from a commercial establishment that 
is associated with a prohibited merchant code, that code 
is translated to one of the establishnr>ent type entries 
shown in the table of FIG. 6. That table correlates each 
merchant code to a particular type of corrvnercial estab- 
lishment. For example, hypottietical merchant code 
1234 is associated with liquor stores, while fictitious 
merchant code 4567 is mapped to hotels and motels. 
Thus, once a merchant code is to a commercial estab- 
lishment type entry, that entry is simply copied to field 
507 of FIG. 5. 

By populating field 403 of FIG. 4 with one of the en- 
tries in FIG. 5, a complete message is formulated for 
transmission to the card owner. Thereafter, validation 
database 106 retrieves the communications address in 
the profile to send to the card owner the message illus- 
trated in FIG. 4 via an idle automatic dialing unit selected 
from ADU 110-1 to ADU 110-N. The latter are arranged 
a) to initiate phone calls by dialing telephone numbers 
received from validation database 106 and. b) to bridge 
those calls to other communications devices upon de- 
tecting a feecft>ack signal from the card owner. ADU 
1 1 0-1 to 11 0-N are also designed to terminate tfie call if 
rK> feedback signal is received after a predetermined pe- 
riod of time. 

If the communications address is a personal tele- 
phone number, such as a 'SOO" or VOO" prefix nunober 
(shown, for example, in the third record of FIG. 3), then 
database 106 transmits the message illustrated in FIG. 
4 to Interactive NADice Response System (IVRS) 125 be- 
fore sending the comnruinicatksns address of the card 
owner to an idle ADU. Upon receiving the number dialed 
by ADU 110-1. for example, communications network 



102 translates the 'SOO' or '700' prefix telephone 
nunr^ber to a Plain OW Telephone Service (POTS) tele- 
phone number at which the card owner can be reached. 
When ADU 110-1 detects a feedback signal from the 
5 card owner, it bridges the call (via line 140) to Interactive 
\foice Response System (IVRS) 125 that delivers the 
message of FIG. 4 in audio form to the card owner at 
telephone set 145, for example. Specifically IVRS 125 
is a processor that executes text-to-speech synthesis 
10 programmed instructions designed to use ASCII input, 
such as one of the messages shown in FIG. 4, to gen- 
erate a "read aloud* audio rendition of that ASCII input 
in a n^chine synthesized vorce. IVRS 125 is also ar- 
ranged to prompt a card owner to provide some input to 
IS approve or disapprove a partrcular transaction. For ex- 
ample, a card owner may be prompted to enter a M ■ on 
a telephone dialpad to approve a transactkxi. or a "2" 
on the dialpad to disapprove the transactton. Also in- 
cluded in IVRS 1 25 is a means to respond to touch-tone 
20 commands from a caller . In particular. IVRS 1 25 is ar- 
ranged to translate the Dual Tone Multi-Frequency (DT- 
MF) signal received from the card owner to a machine- 
readable format, such as ASCII, that is recognizable by 
validatkxi database 106. Alternatively, IVRS 125 may 
2S tficlude a word recognition unit that is arranged to output 
digitally recorded words, such as the messages in FIG. 
6, to prornpt a card owner for partteular informatk>n that 
is converted to ASCII format for delivery to validation 
datatjase 106. Furthermore, in order to insure that the 
30 person approving the transactran is the card owner, as 
opposed to an impostor, IVRS 125 may also include a 
speaker recognitton unit that stores templates of pre- 
recorded digitized vofce messages of the card owner 
that are compared to any input received from the called 
35 party to certify that the 'real' card owner is the person 
approving the transaction. 

If the communkjations address is a paging tele- 
phone number, then one of the ADUs 110-1 to 110-N 
dials the paging telephone number to initiate a call to 
40 tfiat paging telephone number for the purpose of deliv- 
ering one of the messages of FIG. 4 topagerdevk^e 1 35 
of the card owner. The call is routed over communtea- 
tions network 102 whch uses one of the demodulators 
120-1 to 120-N to transfonn the received message into 
4S proper signaling fom^t for delivery to paging system 
networtc 111 which rray be. for example, a satellrte- 
based nattonwkJe paging sen^tee network. Alternatively, 
pagmg system network 111 may be a cellular communi- 
catkxis networtc or a Personal Communcatkxis Servic- 
so es (PCS) networtc Paging system networtc 111 kicludes 
a base statkxi (not shown) that receives the dialed 
nunr*>er akxig with the message of FIG. 5. The base sta- 
Ikxi then kdentifies a partteular frequency associated 
with that paging telephone number to code the received 
ss message as a series of pulses represented by a carrier 
that is nwdulated on that frequency for delivery to pager 
1 35. The latter converts the pulses into a series of bytes 
representing the message of FIG. 5. Thereafter, pager 



6 



11 



EP0745 961 A2 



12 



135 emits a loud beep to signal the card owner of an 
inoomtng message. Altematrvety. pager 135 could be a 
vibrating pager which silently alerts the card owner of 
the irKxxning message through a vibration signal gen- 
erated therein in response to the reception of a mes- 
sage. 

When the Incoming message is an alert signal from 
validation datat>ase 106, pager 1 35 can be any commer- 
cially available paging device with a small screen for dis- 
playing the message of FIG. 4. However, if an approval/ 
disapproval response is requested by validation data- 
base 1 06. pager 1 06 may advantageously be a two-way 
paging device, such as the device available from Mobile 
Telecommunications Technology Inc. of Jackson. Mis- 
sissippi. In that case, the card owner transmits an ap- 
proval/disapproval message by entering a pre-defined 
code in the two-way pager. The pre-deHned code is then 
transmitted to validation database 106 via paging sys- 
tem network 111. The pre-defined code Is received by 
one of the demodulators t20-1 to 120-N which demod- 
ulates the signals associated with the received code for 
presentation to valklation database 106. Alternatively, 
pager 135 may be a one-way pager. In this case, If an 
approval/disapproval response is requested by valida- 
tion database 106, the card owner nnay communicate 
an approval/disapproval message to validation data- 
base 106 by other means, such as with use of a con- 
ventional telephone, for example. 

A first Illustrative embodiment 

FIG. 7 shows a ftow diagram in accordance with cer- 
tain illustrative embodiments of the present invention 
outlining prograrrvned instructions executed by different 
elements of the communications system of FIG. 1 to re- 
ceive an approval from a credit card owner for. or to alert 
a credit card owner of, a credit card transaction initiated 
by a card holder. The process shown in FIG. 7 is initiated 
in step 701 when validation database 1 06 receives a val- 
idation request for a credit card number. As mentkxied 
above, the request for approval nr^y be received in the 
form of a data message, such as the one illustrated in 
FIG. 2. Upon receiving the credit card number, validation 
database 106 uses the received credit card numt^er as 
a search key in an attempt to retrieve a profile for the 
credit card number. If rK> profile Is available in the vali- 
dation datat^ase for the credit card numt>er, as deter- 
mined in step 702. valkiation database retums an 'un- 
authorized transaction' message to card reader 1 01 via 
communications networi^ 102. When validation data- 
base 1 06 is able to retrieve a profile for the card nunnber. 
the profite is analyzed in step 704 to determine whether 
the requested credit anK>unt or the type of transactkxi. 
for example, triggers any alerting or request for approval 
conditior\s. if rK> such conditions are triggered, validation 
database 106 proceeds with the vafidalion process in a 
conventional manner. Otherwise, in step 706. validation 
database 106 ascertains whether the card owner Is only 



to be alerted when the pre-defined condition is encoun- 
tered. If so. validation database 106 retrieves from the 
profile the ciard owner's communcatlons address to 
which the alerting n^ssage is sent as indicated in step 

s 707. Thereafter, vaOdation database 106 proceeds with 
the validation process in a conventional manner. 

When the profile retrieved by validation database 
1 06 indicates that the card owner is to approve the credit 
card transaction (such as the one requested by the card 

10 hokier) valkiation database 1 06 formulates a request for 
approval message (using appropriate entries in FIG. 4 
and FIG. 5) for transmissbn to the card owner, as indi- 
cated in step 708. As mentioned above, the request for 
approval message may be delivered in the form of a tel- 

is ephone call or a paging message. After the transmissk)n 
of the message, validatkxi database waits for a re- 
sponse from the card owner. When valkiation database 
determines, In step 709. that no response is forthcoming 
after a pre-defined perkxi of time has expired, valkiation 

20 database 106, in step 711, assesses whether the re- 
quested credit amount exceeds the no^nswer-credit 
threshold. As indrcated earlier, the no-answer-credit 
threshold is a fieki in the profile for a card number which 
stores the maximum amount ot credit that can be ap- 

25 proved for a credit card transactkxi when the credit card 
owner cannot be reached by the communk^ations sys- 
tem of FIG. 1 . If the requested credit amount exceeds 
the no-answer-credit threshold, as determined in step 
71 1 . then validation datat>ase 1 06 retums an 'unauthor- 

00 ized transactkxi* message to card reader 1 01 . If the re- 
quested credit amount does not exceed the no-answer- 
credit threshold, the content of the transactbn counter 
fieW in the profile is compared to the no-answer-trans- 
actlon threshold to determine whether this threshokJ has 

3S been exceeded. If so. validatkx) database 106 retums 
an Invalid card message to card reader 1 01 , as indicated 
in step 705. If neither of the no-answer-thresholds has 
been exceeded, valkiation database 106 completes the 
validatk)n process in a conventkxial manner, as indksat- 

40 ed in step 703. 

When validation database 106 receives a response 
from the card owner within a pre-defined period of time, 
as determined in step 709. valklatk>n database 106 then 
assesses whether the response Indicates approval of 

45 the transactkxi by the card owner. If so, validatkxi data- 
base completes the validatkxi process in a conventional 
manner, as indicated in step 705. Optionally, the card- 
hokier may be required to provkie a secret code that 
matches a simitar code included in the response re- 

so ce'ived from the card owner before the transaction is au- 
thorized. If a disapproval response is received from the 
card owner, valkiatbn database 106 retums an 'unau- 
thorized transactkxi' message to card reader 101 . 
FIG. e is a flow chart outlining instructions per- 
ss formed by the elements of the illustrative conrvnunk:a- 
tkxis system of RG. 1 to valkiate a debft card transactkxi 
in accordance with a first illustrative embodiment of the 
present inventkxi. The process depk^ed in FIG. 8 is in- 
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itialed in step 601 when vaiidalion database 106 re- 
ceives a debit card number and a password entered by 
a minor card holder Validation database 106 launches 
a query on its storage devices to deteimttie. in step 802, 
whether a protile can be retrieved for the received card 
number. If no profile is found validation database 106 
transmits an 'unauthorized transaction' message to 
card reader 101 . as indicated in step 803. Upon retriev- 
ing a profile for the card number, validation database 
106 formulates a message using one of the entries of 
FIG. 4 for transmission to the card owner. Thereafter, 
validation database 106 waits a pre-defined amount of 
time to determine whether a response is received from 
the card owner If the pre-defined amount of time expires 
before a response is received from the card owner, val- 
idation database 106 returns an 'unauthorized transac- 
tion* message to card reader 101. as indicated in step 
803. When a response indicative of the card owner's ap- 
proval of the transaction is received from the cardowner, 
as determined in step 606. validation database 106 pro- 
ceeds with the validatiott ptocess in a conventional man- 
ner, as indicated in step 807 If the card owner sends a 
message disapproving the debit card transaction, vali- 
dation database 106 sends an "unauthorized transac- 
tion' message to card issuer 101. as indicated in step 
803. 

In other illustrative embodiments of the present in- 
vention, the authorization of a transaction may need to 
be approved t>y more than one party. For example, if the 
charge account is a corporate account and the amount 
of the charge is over a certain predefined threshold, it 
may be required that two authorized parties (e.g., cor- 
porate executives) approve the transaction. This is anal- 
ogous, for example, to the common requirement that 
corporate checks over a certain arrount (e.g., $1,000) 
irKlude two autfK)rized signatures to be valid. Similarly, 
if the transaction involves, for example, the dispensing 
of medications in a hospital (see below), it nay be de- 
sirable that both the patient's doctor and the hospital's 
pharmacist approve the treatment. In these cases, step 
806 of FIG. 8 is rrKKlified to determine whether all parties 
which are required to approve the transaction have done 
so. 

A second illustrative embodiment 



FIG. 9 shows a flow chart of a credit card purchase 
transaction to which certain illustrative embodiments of 
the present invention may advantageously be applied. 
The transaction is initiated by a cardholder fr.e., the cus- 
tomer) who instructs a retailer to charge a purchase to 
a given credit card account (step 11). This instruction 
usually takes the form of providing a credit card or a 
credit card number to the retailer. This transaclkxi may 
occur with the customer and the retailer coi>resent and 
in real-time, while the custonr>er is waiting. In this case, 
the timeliness with which the authorizatton process Is 
completed is clearly of great importance, since the rel- 



evant parties are awaiting such authorizatkxi before 
they may proceed with other endeavors. (For example, 
they may be walling so that the retailer may hand over 
the goods to the customer or provide a sewice thereto.) 
5 Thus, the communication to the customer and a confir- 
matfon or denial of authorization by the customer shoukJ 
advantageously occur quickly- For this reason, the use 
of two-way pagers is preferred for this type of application 
of the principals of the present invention. 
10 In alternative applications, the customer may have 
instructed the retailer (or an agent of the retailer) in per- 
son or via some coovnunication mechanism (e.g., a 
phone, mail, facsimile or electronic mail) at a time prior 
to the initiation of the transactkxi. Such instructbns 
IS might cover an immediate one-time purchase, a future 
purchase (e.g., the goods or service may not be imme- 
diately available) or a series of purchases to occur over 
a period of time. In cases such as these where the cus- 
tomer and the retailer are not co-present, the parties 
20 most typically do not require the authorization to be com- 
pleted before they may proceed with other endeavors. 
That is, it may be acceptable in these cases that the au- 
thorization process be completed over a kxiger period 
of time such as, for example, several hours or even a 
2S day. In these cases, therefore, other less immediate 
communksations mechanisms may be used, such as 
those provided by conventional telephones, e-mail, or, 
in some circumstances, even physical mail. 

In any event, the retailer's typical response to such 
30 instructions is to signal a transactton processing center 
(or a network of such centers) which is associated with 
the credit card service provider that a partteular custom- 
er (kJentffied by his or her credit card number) wishes to 
purchase goods or sen^ices of a partteular value. Thus, 
35 the retailerrequestsanauthorizationforthechargefrom 
the transactkxi processing center (step 12). Typk^lly, 
this request is initiated by swiping the credit card through 
an autorrated card reader (such as card reader 101 of 
FIG. 1) which reads the magnetic stripe on the credit 
40 card, dials the transactkxi processing center, sends the 
relevant information thereto and receives either an au- 
thorization code or a denial in response therefrom. The 
informatton transmitted to the transactkxi processing 
center typteally includes the credit card number, the 
45 amount of the contemplated purchase, and the retailer's 
store kJentmcatlon code (e.g., card number 201. re- 
quested credit amount 202, and merchant code 203 of 
FIG. 2, respectively). The retailer then waits for an au- 
thorization from the transactkxi processing center whfch 
so represents that the charge will be undenmitten (ie., in- 
sured) by the credit card seortce provkJer. This authori- 
zation is typfcally sent to the retailer in the form of an 
authorizatkxi code whfch Wentifies the transaction and 
can thereby bo used to verify that the authorizatkxi proc- 
55 ess was property adhered to by the retailer. One typfcal 
reason for denial, on the other hand, is that the balance 
on the customer's account has exceeded (or, if the given 
purchase were authorized wouW exceed) a predeter- 
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mined credit limit associated with the customer's ac- 
count. In accordance with certain illustrative embodi- 
ments of present invention, another reason for denial is 
the tack of the receipt of an appropriate confirmation (or 
the receipt of an explicit denlaO by the customer whose 
account is to be charged. 

At the transaction processing center, the authoriza- 
tion process is performed automatically by a computer 
based system cornprising« inter alia, a database (e.g., 
validation database 106 of FIG. 1) containing account 
information for each credit card subscriber (step 13). 
That is. such a system automatically makes the decision 
whether to authorize or deny the transaction - no hu- 
man intervention is typically required at the transaction 
processing center. If the transaction is authorized (de- 
cision 14), as is typically indicated by the appearance of 
the authorization code on the display of the retailer's 
card reader, the retailer is thereby authorized by the 
credit card issuer to accept the charge for the purchase. 
Thus, the charge is accepted and the transaction is com- 
pleted (step 15). If. on the other harxj the transaction is 
denied by the transaction processing center (typically 
indicated by the appearance of a denial code on the card 
reader's display), the retailer denies the charge and ter- 
minates the transaction (step 16). 

FIG. 1 0 shows a flow chart of an automated author- 
ization process which may be used to irrplement step 
1 3 of the process of FIG. 9 in accordance with a second 
illustrative embodiment of the present invention. The 
process of FIG. 10 is illustrativety executed by a com- 
puter system at the transaction processing center in re- 
sponse to each received request for the authorization of 
a transaction. The received authorization request (typi- 
cally transmitted by an automated card reader at the re- 
tailer's location such as card reader 101 of FIG. 1) in- 
cludes, tn particular, a customer identifier (i.e., the credit 
card number) and may, for example, also include the 
amount of the proposed purchase and the retailer's 
store identification code (step 20). Based on the cus- 
tomer identifier, a database (such as validation data- 
base 106 of FIG. 1) is consulted to determine whether 
the transaction should be authorized (steps 21 and 22). 
For example, the database may include account ba\' 
ance and credit limit infomr^tion indicating that the cus- 
tomer's account balance is not permitted to exceed a 
given credit limit. In such a case, the system will deter- 
mine that the transaction should not be authorized if the 
sum of the account balance and the amount of the purr 
chase to k>e authorized exceeds the credit f mnit. In addi- 
tion, invalid or (known to be) stolen credit cards obvi- 
ously should rK>t be authorized. 

If it is determined from the analysis of step 22 that 
the purchase should not be authorized for some reason 
(decision 23). the system will format a denial code (step 
24). If, on the other hand, there is rK> basts for denying 
the transaction, the system will, in accordance with the 
principles of the present inventkxi. make an attempt to 
have the (tentative) authorizaton confirmed by the cus- 



tomer. In particular, and in accordance with a second 
illustrative embodiment thereof, the system will auto- 
matically page the customer (using, for example pager 
135 of FIG. 1). supplying to him or her any relevant in- 

5 formation concerning the purchase (step 25). For exam- 
ple, the system might supply the customer with an iden- 
tity of the retailer and/or the amount of the purchase, in 
order to enable the customer to more accurately ensure 
that the transactkxi to be authorized is, in fact, the one 

10 he or she is presently undertaking, or, alternatively, that 
the transactkxi is one being undertaken by an agent and 
the principal (i.e„ the customer) approves thereof. The 
customer's pager number (i.e., the telephone number 
which is used to communicate with the pager) may. for 

IS example, be stored in the database and associated with 
the customer's account, as is shown in FIG. 3. 

Once the customer has been paged, the system of 
the second illustrative embodiment waits for a confirma- 
tion from the customer which may be supplied with use 

20 of the customer's two-way pager (step 26). If the cus- 
tomer responds with an appropriate confirmation (deci- 
son 27), the system generates, formats and stores an 
authorization code whk^ will enable the transaction to 
be completed. If, on the other hand, the customer does 

2S not confirm the transaction (e.g., if no response is re- 
ceived from the customer within a predetermined 
arrKXjnt of tirrte), the system formats a denial code (step 
24). After either a denial code or an authorization code 
has been formatted, it is sent to the retailer (e.g.., to card 

30 reader 101 of FIG. 1) who originally submitted the au- 
thorization request (step 29). 

A Third Illustrative Embodiment 

ss FIG. 11 shows a flow chart of an automated author- 
ization process which may be used to implement step 
13 of the process of FIG. 1 in accordance with a third 
illustrative embodiment of the present invention. As can 
be seen from the figure, the illustrative process of FIG. 

40 11 is identkjal to the illustrative process shown in FIG. 
10 except that decision 27. which determined whether 
a confimnatkxi was received from the customer is re- 
placed by decisk>n 30, whkJh detennines whether a de: 
nial is received from the customer. Other embodiments 

45 of the present invention may cornbine those shown in 
FIG. 10 and FIG. 11 by accepting either a confinnation 
or a denial from the customer In such a case, the default 
fte., timeout) crfterion may be either an assumed con- 
fimnafion or an assumed denial. 

so 

A Fourth Illustrative Embodiment 

FIG. 12 shows a ftow chart of an authorizatton proc- 
ess which may be used to implement step 1 3 of the proc- 
ss ess of FIG. 9 Bi accordance with a fou rth illustrative em- 
bodiment of the present invention. This fourth embodi- 
ment may advantageously be emptoyed when the cus- 
tomer has only a one-way (as opposed to a two-way) 
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pager, since it allows for the customer's confirmation to 
be communicated indirectly through the retailer Specil- 
ically, the illustrative process of FIG. 12 is identical to 
that of the illustrative embodiment of FIG. 10 and FIG. 
1 1 except in the mechanism by which the custon^er con- 5 
firmalion is requested and received. 

In particular, when decision 23 determines that it is 
okay to authorize the transaction, the illustrative system 
of this fourth embodiment generates a confim^tion 
code and supplies that code to the customer via his or f 
her (one-way) pager (steps 41 and 42). The supplied 
confirmation code rnay. for example, be randomly gen- 
erated so as not to be predictable. In this manner, the 
confirmation code will be known only to the customer 
(and not. for example, to a fraudulent user of the cus- ^ 
tomer's credit card number who is not in possession of 
the customer's pager). The confirmation code may then 
be used to indirectly confirm the authorization. For ex- 
ample, where the customer is making a face-to-face pur- 
chase in a store, the customer may provide the confir- ^ 
mation code supplied by the transaction processing 
center to the retailer, who may, in turn, provide that con- 
firmation code back to the transaction processing cent- 
er. This latter step may be performed, for example, with 
use of the automated card reader which is already in i 
communication with the transaction processing center. 

Thus, after the illustrative process of FIG. 12 has 
supplied the confinnatfon code to the customer, step 43 
waits for a responsive input which includes a (return) 
confirmation code (e.g., from the automated card read- 
er). Then, the confimiation code which was supplied for 
the given transaction is compared to the confirmation 
code that was received (deciskxi 44) to ensure that the 
customer is. in fact, providing a proper confirmation of 
the authorizatkxi. If the supplied confirnr^tion code 
matches the received confinratkxi code, the system au- 
thorizes the transaction (steps 28 and 29). If they do not 
match, or if the system receives no responsive confir- 
mation code after a predetermined an>ount of time has 
elapsed, the transaction is denied (steps 24 and 29). 

A Fifth Illustrative Embodiment 

FIG. 1 3 shows a flow chart of a credit card purchase 
transactton to which a fifth illustrative embodiment of the 
present invention may advantageously be applied. This 
fifth embodiment eliminates the need for performing 
mutlipie communications at the time of purchase. That 
is. the extra time that may olhemvise be required to page 
the customer and receive a confimriation or denial of the 
pending authorization are not needed when this fifth il- 
lustrative embodiment is employed. 

Priorto the initiation of thetransaction itself, the cus- 
tomer requests and receives a confirmation code for use 
in a speciffcally kJentified subsequent transactkw (steps 
51 and 52). This confirmation code, which may. for ex- 
ample, be randomly generated, will be known only to the 
customer who intends to execute the specific transac- 



tion (0,9., nnake a partwular purchase), or. alternatively, 
to an agent of the customer (Lb,, the principal) to wtiom 
the customer has communicated the given confimiation 
code. The specific transactkxi may. for example, be 
kJentified based on the retailer's store kientificatkxi code 
(such as merchant code 203 of FIG. 2) or other identi- 
fying indicia of the retailer. Then, when the purchase is 
initiated, the customer (or the principars informed 
agent) provides the previously received confirmation 
0 code to the retailer, wtx), in turn, provkJes the confinna- 
tion code to the transaction processing center which 
performs the automated authorizatkxi process (steps 
53-55). The automated authorizatkxi system can then 
use the received confirmation code in a n^ner similar 
5 to that of the fourth illustrative embodiment shown in 
FIG. 12 for purposes of confirming an authorizatton of 
the transactkxi. Note that since the two-way communi- 
cation process of steps 51 and 52 need not occur at the 
time (or at the tocation) of the purchase but. rather, may 
*o precede the transadkxi by a substantial amount of lime , 
a wide variety of conrwnunicatkjns devfces (in addition to 
one-way or two-way pagers) may advantageously be 
used in realizing the fifth illustrative emtxxdiment. 

FIG . 14 shows a ftow chart of an automated author- 
?5 ization process which may be used to implement step 
55 of the process of FIG. 1 3 in accordance with the fifth 
illustrative embodiment of the present inventkHV As de- 
scribed above, upon the receipt of a customer's request 
for a confirmation code to be used in executing a specific 
30 (future) transaction, the illustrative authorization system 
generates and supplies a confirmation code to the cus- 
tomer. In additton to Its being supplied to the customer, 
however, this confirn^tion code is associated with the 
customer dentifier and. for example, the retailer store 
35 kJentification code, and this data is then stored in the 
transactkxi processing center database fe.g., validation 
database 106 of FIG. 1) for later retrieval - that is, when 
the identified transaction is actually executed. Thus, up- 
on a request for authorization of the given transaction, 
40 the illustrative process of FIG. 1 4 retrieves the prevk>us- 
ly supplied confirmatfon code from the database based 
on the customer kJentifier and the retailer store kJentifi- 
catk>n code (steps 61 and 62). Tnen. after it is deter- 
mined that the transaction shouW (otherwise) be aulhor- 
45 ized. the system verifies that the confimiatkxi code re- 
ceived with the request for authorizatkxi matches the 
confirmatkMi code prevkMisly supplied to the customer 
(deciskxi 63). If they do in fact nr^tch. the authonzation 
may be confirmed (steps 28 and 29). 

so 

A Sixth Illustrative Embodln^t 

In accordance with a sbcth illustrative embodiment 
of the present inventk)n. a confimnation code may be 
ss provkied to a customer without the customer making a 

specific request therefor. This embodiment may be ad- 
vantageously applied to a credit card purchase transac- 
tion in a similar manner to the fifth illustiativo embodi- 
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ment described above. In particutar, the flow chart 
shown in FIG. 1 3 nriay be modrfied by removing step 51 
therefrom Then, instead of the customer requesting and 
receiving a confirmation code for use in a specifically 
identified subsequent transaction, the customer (auto- 
matically) receives a new confinmation after each trans- 
action and/or periodically (e.g., each morning) for use 
in his or her next transaction. By limiting the use of the 
given confimnatlon code to. for example, a single trans- 
action, the advantages of the present invention in pro- 
tecting against fraudulent transactions is obtained, while 
rK) direct corrvnunication from the customer to the trans- 
action processing center is required. Thus, for example, 
as in the case of the fourth and fifth illustrative embod- 
iments, one-way pagers may advantageously be used. 
Moreover, the use of a confirmation code which does 
not match the last previously supplied confirmation code 
but. rather, matches one used in a previous transaction 
may well be irxJicative of fraud. 

Although a number of specific embodiments of this 
invention have been shown and described herein, it is 
to be understood that these embodiments are merely 
illustrative of the many possible specific an-angements 
which can be devised in application of the principles of 
the invention. Numerous and varied other arrangements 
can be devised in accordance with these principles by 
those of ordinary skill in the art without departing from 
the spirit and scope of the invention. For example, al- 
though the embodiments described atx>ve have fo- 
cused on a credit card purchase transaction, it will be 
obvious to those of ordinary skill in the art that the prin- 
ciples of the present inventkxi may be applied to a wide 
variety of transactions including, but not limited to, tele- 
phone calling card transactions, banking transactbns 
including those using FINs, stock and commodity trad- 
ing transactkxis. and secure access transactkxis such 
as computer access transactkxis based on computer 
passwords. In additkxi, the principals of the present in- 
ventkxi may be applied to numerous other types of se- 
cure access transactions such as physrcal access (La, 
entry) transactk>ns including those used for purposes of 
inventory control. For example, an entry door toasecure 
room (e.g., a hospital's medcatk)n room) or to a secure 
facility may t>e kxked by an electronk: kx^king system 
(e.g., combtnatkxi keypad or card access entry) which 
is electronicaify linked to a central facility such as the 
transaction processing center descrft>ed above. Then, 
any attempt to enter the room or facility may be made 
subject to confirmation in accordance with the principals 
of the present trlventkxi. 

In addition, although the above embodiments fo- 
cused primarily on communk^atkxi via wireless paging 
devices (e.g., one-way or two-way pagers), it will be ob- 
vkHis to Vt\oG& skBled in the art that many other oommu- 
nk:ations nnechanisms may be used instead of . or in ad- 
ditk>n to. wireless paging devices. These mechanisms 
iTKlude, for example, cellular telephones. conventk>nal 
wired telephones, persorial computers, etc. 



Claims 

1. An automated method for authorizing a transactkxi. 
saki transactkxi based on a customer klenttfier as- 

B sociated with a customer, the method comprising 
the steps of: 

receiving a request to authorize sakJ transac- 
tion, said request including said customer tden- 
10 tifier 

determining, in response to said request and 
based on said customer identifier, whether to 
authorize said transaction; 
if said determining step determines that said 
'5 transaction is to be authorized, communicating 

said determination to sakJ customer; 
receiving a communk^atbn from sakJ customer 
confirming that saki customer consents to said 
transactkxi being authorized; and 
20 authorizing said transactkxi in response to said 

communtoatkxi received from said customer. 

2. An automated method for authorizing a transaction. 
saW transactkxi based on a customer kJenlifier as- 

25 sociated with a customer, the method comprising 
the steps of: 

receiving a request to authorize said transac- 
tion, said request including sakl customer kJen- 
30 tifier. 

determining, in response to said request and 
based on said customer kJentifier, whether to 
authorize said transactkxi; 
if sad determining step determines that said 
55 transactkxi is to be authorized, communicating 

saki determinatkxi to said customer; and deter- 
mining whether a communrcatton indicating 
that said transaction is not to be authorized is 
received within a given amount of time from 
40 sakJ customer; and 

authorizing sakJ transactkxi if saki communfca- 
tion from sakl customer is not received within 
sakj given amount of time. 

45 3, The method of claim I or 2 wherein said step of com- 
municating said determination to sakl customer 
comprises transmitting signals representative of 
sakj deterniinatkxi to a wireless telecommun Na- 
tions receiver. 

so 

4. The method of claim 3 wherein sakl wireless tele- 
communicatkxis receiver comprises a display and 
wherein said step of communk^ating saki determi- 
nation to sakJ customer comprises communicating 

ss sakJ customer klentifier to saki customer. 

5. The method of claim 3 wherein saki wireless tele- 
communicatkxis receiver comprises a display and 
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wherein said step of communicating said detemni- 
nation to said customer comprises communicating 
an identity of said provider to said customer. 

6. The method of claim 3 wherein said wireless tele- 
communications receiver conprises a two-way 
pager and wherein said communication from said 
customer confirming that said customer consents 
to said transaction being authorized is transmitted 
by said customer with use of said two-way pager. 

7. An automated method for authorizing a transaction, 
said transaction based on a customer identifier as- 
sociated with a customer, the method comprising 
the steps of: 

communicating to said customer a confirmation 
code for use in executing said transaction; 
receiving a request to authorize said transac- 
tion, said request including said customer iden- 
tifier and said confirmation code; 
determining, in response to said request, based 
on said customer identcfier. and based on 
whether said received confirmation code 
matches said confirmatbn code communicated 
to said customer, whether to authorize said 
transaction; 

authorizing said transaction if said determining 
step determines that said transaction is to be 
authorized. 

8. The method of claim 7 wherein said step of commu- 
nicating to said customer a confirmation code for 
use in executing said transaction is performed in re- 
sponse to receiving a connmunication from said cus- 
tomer indicating that said customer desires to exe- 
cute said transaction. 

9. The method of claim 7 further comprising the step 
of communicating a second confirnnation code to 
said customer after authorizing said transaction, 
said second confirmation code for use in executing 
a second transaction subsequent to said transac- 
tion and being different from said confirmation code. 

10. An automated method for authorizing a transaction, 
said transaction based on a customer Identifier as- 
sociated with a customer, the method connprising 
the steps of: 

receiving a request to authorize said transac- 
tion, said request including said customer iden- 
tifier, 

determining, in response to said request and 
based on said customer identifier, whether to 
authorize said transaction; 
if said determining step determines that said 
transaction is to be authorized, communicating 



to said customer a confirmation code for use in 
conrpleting execution of said transaction; 
receiving a communication conDprising said 
confinmation code; and 
5 authorizing said transaction in response to said 

received confirmation code matching said con- 
firmation code communicated to said customer. 

11. The method of claim 7 or 10 wherein said step of 
10 communicating to said custonner said confirmation 

code comprises encodingsaid confirmation code to 
provide a secure communication thereof. 

12. The method of claim 1 , 2, 7 orl 0 wherein said trans- 
is action comprises a sales transaction and wherein 

said customer identifier comprises a credit card 
number. 

1 3. The nr»ethod of claim 1 , 2. 7 or 1 0 wherein said trans- 
20 action comprises placing a telephone call and 

wherein said customer identifier comprises a tele- 
phone calling card number 

1 4. The method of claim 1 . 2, 7 or 1 0 wherein said trans- 
25 action comprises a banking transaction and where- 
in said customer identifier comprises a bank card 
number. 

15. The method of claim 1 , 2. 7 or 1 0 wherein said cus- 
30 tomer idenfifier comprises a Personal Identification 

Number. 

16. The method of claim 7 or 10 wherein said step of 
communicating said confirmation code to said cus- 

35 tomer comprises transmitting a signal representa- 
tive of said confirmation code to a wireless telecom- 
munications receiver, 

17. The method of claim 3 or 16 wherein said wireless 
40 telecommunications receiver comprises a pager. 



1 a. An autonr^ated system for use in authorizing a trans- 
action, said transactkxi based on a customer iden- 
tifier associated with a customer, the system com- 
45 prising: 

a receiver adapted to receive a request to au- 
thorize said transaction, said request including 
said customer kjenttfier; 

so nneans for determining, in response to sakJ re- 

quest and based on said customer identifier, 
whether to authorize said transaction; 
a transmitter adapted to conrwnunicale said de- 
termination to said customer if said moans for 

ss determining determines that said transacUon is 

to be authorized; 

a receiver adapted to receive a commimication 
from said customer confirming that said cus- 
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tomer consents to said transaction being au* 
thortzed;and 

means for authorizing said transaction in re- 
sponse to said corrtmunication received from 
said customer. 

1 9. An automated system for use in authorizing a trans- 
action, said transaction based on a customer iden- 
tifier associated with a customer, the system com- 
prising: 

a receiver adapted to receive a request to au- 
thorize said transaction, said request including 
said custonDer identifier, 
means for determining, in response to said re- 
quest and teased on said customer identifier, 
whether to authorize said transaction; 
a transmitter adapted to communicate said de- 
tenmination to said customer if said means for 
determining determines that said transaction Is 
to be authorized; 

a timer adapted to determine whether a com- 
munication indicating that said transaction is 
not to be authorized is received within a given 
anrujunt of time from said customer, and 
nrwans for authorizing said transaction if said 
communication from said customer is not re- 
ceived within said given anKXint of time. 

20. An automated system for use in authorizing a trans- 
action, said transaction based on a customer Iden- 
tifier associated with a customer, the system conrv 
prising: 

a receiver adapted to receive a conmunication 
from said customer irxJicating that said custonr>- 
er desires to execute said transaction; 
a transmitter adapted to communicate to said 
customer a confirn^tion code for use in execut- 
ing said transaction; 

a receiver adapted to receive a request to au- 
thorize said transaction, said request including 
said customer identifier and said confim^ation 
code; 

means for determining, in resportse to said re- 
quest, based on said customer identifier, and 
based on whether said received confirmation 
code matches said confirmation code commu- 
nicated to said customer, whether to authorize 
said transaction; and 

mearts for authorizing said transaction if said 
means for determining determines that said 
transaction is to be authorized. 

21. An autonr^ated system for use in authorizing a trans- 
action, said transaction based on a customer iden- 
tifier associated with a customer, the system com- 
prising: 
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a receiver adapted to receive a request to au- 
thorize said transaction, said request including 
said customer ident^er; 
means for detemntnlng. In response to said re- 
quest and based on said customer identifier, 
whether to authorize said transaction; 
a transmitter adapted to conrununicate to said 
customer a confirmation code for use in com- 
pleting execution of said transaction if said 
means for determining determines that said 
transaction is to be authorized; 
a receiver adapted to receive a communication 
comprising said confirmation code; and 
means for authorizing said transaction in re- 
sponse to said received confirmation code 
matching said confirmation code communicat- 
ed to said customer. . 

22. A method of processing a transaction, the method 
comprising the steps of: 

receiving information associated with a trans- 
action initiated by an agent of a principal; 
retrieving a profile based on said information 
associated with said transaction; 
comparing at least a portion of said information 
to data included in said profile; and 
in response to said comparison, notifying said 
principal of said transaction. 

23. The method of claim 22 wherein said notifying step 
further includes the step of transmitting a message 
to said principal to request approval for the trans- 
action. 

24. The nr>ethod of claim 23 further comprising the steps 
of: 

receiving an approval signal from said principal; 
and 

in response to receiving said approval signal, 
authorizing said transaction. 

25. The n>ethod of claim 24 wherein the approval signal 
from the principal is transmitted from a paging de- 
vice which received the notification In response to 
the comparison. 



26. The method of claim 23 further comprising the steps 
so of: 

receiving a disapproval signal from said princi- 
pal; and 

in response to receiving said disapproval sig- 
65 nal, invalidatffig said transaction. 

27. The nr>ethod of claim 23 further comprising the step 
of invalidating said transaction when no signal is re- 
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ceived from said principal in response to said re- 
quest for approval nnessage. 

28. The method ot claim 22 wherein said comparing 
step further includes the step of detemiining wheth- 
er parameters included in said second subset of in- 
formation exceed threshold values represented by 
said data included \n said profile. 
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ther mcludes means for determining whether pa- 
rameters included in said second subset of informa- 
tion exceed threshold values represented by said 
data included in said profile. 
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29. A system for processing a transaction, the system io 
comprising: 

a database which receives infomnation associ- 
ated with a transaction initiated by an agent of 
a prir>cipal and which stores a profile defined 
by said principal; 

a processor which a) retrieves said profile from 
said database tjased on said information asso- 
ciated with said transaction, and b) compares 
at least a portion of said information to data in- 
eluded in said profile; and 
a network over which a notification signal is 
transmitted to said principal in response to said 
comparison. 

2S 

30. The system of claim 29 wherein said notifK^ation sig- 
nal includes a nrmssage requesting approval of the 
transaction. 

31. The system of claim 30 further comprising: 30 



an end-user device from which an approval sig- 
nal is transmitted by said principal to said data- 
base; and 

means responsive to receiving said approval 55 
signal at said database, for authorizing said 
transaction. 



32. The system of claim 31 further comprising a paging 
device which a) receives the notification signal in 
respor^e to the comparison, and b) transmits the 
approval signal from the principal. 

33. The system of claim 30 further comprising: 

4S 

an end-user device from which a disapproval 
signal is transmitted by said principal to said da- 
tabase; and 

nr>eans responsive to receiving said disapprov- 
al signal at said database, for invalidating said so 
transaction. 



34. The system of claim 30 further comprising means 
for invalidating said transaction when no signal is 
received from said principal ri response to said re- ^ 
quest for approval message. 

35. The system of claim 29 %vherein said processor fur- 
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